Behaviour analysis is a powerful way of looking at how actions take place with a view to improving their success. Of course, a primary target for companies is to ensure the security of their transactions, and behaviour analysis can help with this in two distinct ways.
Humans, be they good operators like colleagues or customers, or bad operators like hackers, industrial spies, or fraudsters, can be encouraged to act in positive ways by changing their behaviour.
Systems, from a single computer to full networks of multiple technologies, can also be assessed for potential security vulnerabilities using techniques of behaviour analysis.
1. Human behaviours
If there were no humans involved in a system, there would be very little cybercrime, so building good security awareness and using secure procedures is a fundamental way of improving security. Here are some examples of practices that will help:
– Use strong passwords
– Use anti-virus software and firewalls
– Always run the latest version of the software
– Log out of sites after you have finished and shut down your computer
– Use only trusted and secure connections, computers and devices (including Wi-Fi)
– Stay informed about risks – try to avoid scams and phishing
– Always opt to provide the minimal amount of personal information needed for any online interaction – keep your identity protected
– Be aware of your physical surroundings when online – who is overlooking your screen
– Report cybercrimes and criminals to the authorities.
All of these are behavioural changes. Perhaps we can all fall into dangerous habits, without being encouraged to check our actions.
2. System behaviours
Using machine learning and other artificial intelligence techniques, it is possible to programme computers, or indeed whole systems, to recognise activities and behaviour which are exceptional and could be indicators of malevolent intrusion.
Human activities, and especially interactions with information technology, can be measured and observed, and that behaviour analysis forms the basis of recognition algorithms.
Using techniques to deal with big data, it is possible to build a large database of normal, expected activity. This makes it easier for systems or individual machines to detect abnormal actions, and either prevent them or provide a warning.
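The baseline-and-deviation idea described above, as an added example that is not part of the original article: it builds a per-user baseline from constructed sample counts and scores each new observation with a robust z-score (median and MAD), a technique chosen here for illustration. The event names, thresholds and the allow/warn/block outcomes are assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (user, action, events_per_hour) seen during normal operation.
BASELINE_EVENTS = [
    ("alice", "file_read", 12), ("alice", "file_read", 15), ("alice", "file_read", 11),
    ("alice", "file_read", 14), ("alice", "file_read", 13), ("alice", "login", 1),
    ("alice", "login", 2), ("alice", "login", 1), ("bob", "file_read", 40),
    ("bob", "file_read", 38), ("bob", "file_read", 45), ("bob", "file_read", 42),
]

def build_baseline(events):
    """Group normal observations per (user, action); keep median and MAD for each."""
    samples = defaultdict(list)
    for user, action, count in events:
        samples[(user, action)].append(count)
    baseline = {}
    for key, counts in samples.items():
        med = median(counts)
        mad = median(abs(c - med) for c in counts)
        baseline[key] = (med, max(mad, 1.0))  # floor avoids division by zero on flat data
    return baseline

def assess(baseline, user, action, count, warn_at=3.5, block_at=10.0):
    """Return 'allow', 'warn' or 'block' for one new observation (assumed thresholds)."""
    key = (user, action)
    if key not in baseline:
        return "warn"  # behaviour never seen for this user: surface it for review
    med, mad = baseline[key]
    score = 0.6745 * abs(count - med) / mad  # modified z-score based on the MAD
    if score >= block_at:
        return "block"
    if score >= warn_at:
        return "warn"
    return "allow"

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    for obs in [("alice", "file_read", 14), ("alice", "file_read", 22),
                ("alice", "file_read", 400), ("bob", "db_export", 1)]:
        print(obs, "->", assess(baseline, *obs))
```

Median and MAD are used instead of mean and standard deviation so that a few odd hours in the baseline do not widen the definition of normal.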
Well-known hacking processes have distinct signatures which can be recognised by artificial intelligence operations.
Examples of actions which can be signals of malign intrusion include:
– A link is inserted into what looks like an innocent file and then triggers an invasive script to steal data
– Malicious code is inserted into existing software packages, targeting vulnerabilities and executing malware
– Existing system tools, already installed, have code injected which can be remotely triggered to steal data
Systems can be trained to see such intrusions and give a warning. The desired result is that such detection occurs before damaging malicious actions can become fully established, and it is to be hoped that it will point towards locating and neutralising the source of the malware.